For thirty years the web has had exactly one safe way to ask a server a question — GET — and it can't carry a body. So every real search endpoint quietly cheats with POST and loses caching, idempotency, and honesty about what it's doing. QUERY is the proposed method that fixes the thirty-year-old workaround: safe and idempotent like GET, but with a request body like POST.
A password is a secret you have to keep secret from everyone — including the server you have to share it with. That contradiction has been the root of every leak, phish, and reused-credential breach for thirty years. Passkeys fix it by never sending a secret at all: your device keeps a private key, the server keeps a useless public one, and phishing simply stops working.